Internal Control

Shish Haider Chowdhury

Director, FAPAD
Cell: 018 19225594

Definition
Internal control refers to the whole system of
control in undertaking operational activities
which includes internal check, internal audit
and any other form of control.

Definition
In accounting and auditing, internal control is defined
as a process effected by an organization's structure,
work and authority flows, people and management
information systems, designed to help the
organization accomplish specific goals or objectives.
It is a means by which an organization's resources
are directed, monitored, and measured. It plays an
important role in preventing and detecting fraud and
protecting the organization's resources.

Internal control process

Internal control process

Is it internal control?

Is it internal control?

What about this?

Why internal control?

Promote operational efficiency and

effectiveness
Provide reliable financial information
Safeguard assets and records
Encourage adherence to prescribed policies
Comply with regulatory agencies

Basic Concepts of Internal Controls

Management, not auditors, must establish and

maintain the entitys controls
Internal controls structure should provide reasonable
assurance that financial reports are correctly stated
No system can be regarded as completely effective
Should be applied to manual and computerized
systems

Value of Internal Controls

Transactions are:

valid
property authorized
Recorded
properly valued
Properly classified
Timely
Reconciled to subsidiary records

Control Environment Consists of:

Management philosophy and operating style

Organization structure

Tone at the top

Separation of duties
Fiscal officer reporting lines

Assignment of authority and responsibility

Does everyone understand their role?

Responsibility without authority

Control Environment Consists of:

Competent, knowledgeable personnel

Communication and information systems

Internal audit function

Personnel policies and procedures

Training and development

Either in-source or outsource

External influences

Compliance
External auditors

Internal Control Procedures

Personnel
Proper procedures for authorization
Adequate separation of duties
Adequate documents and records
Physical control over assets and records
Independent checks on performances

Other Elements to Remember

Consistency of policy compliance

Coordination in a decentralized environment
Completeness and relevancy of policies
Issue escalation and resolution process
Accountability
Flow of financial information

Key Concepts to Retain

Internal control is a process. It is a means to

an end, not an end itself.
Internal control is affected by people. It is not
just manuals and policies, but the people at
all levels of the organization.
Internal control can be expected to provide
reasonable assurance, not absolute
assurance, to an entities management or
board.

Want some examples?

Think about what YOU do

You lock your home and your vehicle.

You keep your ATM/debit card pin number
separate from your card.
You review bills and credit card statements
before paying them.
You dont leave blank checks or cash just lying
around.
You expect your children to ask permission
before they can do certain things.

Internal controls are meant to:

Protect assets

Ensure records are accurate

Promote operational efficiency

Encourage adherence to policies, rules,

regulations, and laws.

Internal controls are usually

PREVENTIVE or DETECTIVE

Preventive - lets stop an

unwanted outcome before it
happens.

Detective - lets find the

problem before it grows.

Goals of an internal control system

621

Resources are safeguarded

Policies of management are
followed
Designed to prevent errors
and fraud

Elements of Internal Control

Separation of duties
Quality of employees
Bonded employees
Periods of absence
Procedures manual
Clear lines of authority &
responsibility
Pre-numbered documents
Physical control over assets
Performance evaluations

Separation of duties

623

Whenever possible, the

functions of
authorization, recording
and custody should be
exercised by separate
individuals.
This minimizes the
likelihood of errors and
embezzlement.

Quality of employees
Hire and keep employees
that are:
Competent
Honest
Trained to do a variety of
tasks.
624

Bonded Employees

625

A Fidelity Bond is insurance

coverage to protect the
employer if an employee is
dishonest (embezzles).

Periods of Absence
Require vacations and rotate
employees

626

Illegal activities are often

uncovered when someone
else performs the offenders
duties for a few days.

Procedures Manual

Provide Procedures Manuals

detailing the correct
procedures for processing
transactions.

627

These procedures should be

designed to promote accuracy
and internal control.

Clear lines of authority & responsibility

Organization Chart

628

Make sure employees

understand the extent of
their authority and
responsibilities.
Define and
communicate the
appropriate chain of
command.

Pre-numbered documents

629

Reduces the likelihood

of unauthorized
transactions.
Reduces the likelihood
of embezzlements.
Be sure to account for
the sequence of
documents periodically

Physical control over assets

630

Safeguard all assets-cash, equipment,

inventory, etc.
Be sure to keep all
records and supporting
documents in a fireproof
safe.

Performance Evaluations

631

Independent verification
of performance.
Includes such things as
an external audit by
SAI, the internal audit
function, count of
inventory, etc.

Good job!

Internal Control in Computer Systems

Basic internal controls apply to

both manual and computerized
systems.
Some controls are specific to
computerized systems.

632

Tests of reasonableness
Audit around the computer

Proper documentation and

system (both program and data)
backup are essential.
Significant technical
expertise may be needed.

Controlling CASH

633

Cash has universal appeal and

ownership is difficult to prove.
Both cash receipts and cash
payments should be recorded
immediately when received and
made.
Checks should be pre-numbered
and kept secure.

Accounting for Cash

Reconciling the Bank Statement

An important part of internal control

Need for calculating a true cash balance
Two sections to be reconciled

balance per bank

balance per books

If there are any mistakes or transactions that

have not been recorded in the companys books,
adjusting journal entries will be needed.

Internal Audit Perspective

Effectiveness of Internal Controls related to operations and financial
statement reliance
- Whether or not your organization is audited by any external party
and/or has an internal audit function, as an ICO or coordinator, you
are responsible for:

1. Establishing the system of internal control

2. Establishing the system of internal control review
3. Making management guidelines and policies
available to all employees
4. Implementing education and training about internal
control
5. Performing internal control evaluations and
assisting in the improvement of the effectiveness of
the internal control program

Differences between Internal

Control and Internal Audit

Internal controls and program development

are the responsibility of agency
management.

IAs goal, while concerned with accounting

rule compliance, has a much larger scope
including functional and operational
effectiveness and compliance with
applicable laws and regulations. The
objectives of the internal auditor should be
aligned with the strategic objectives of the
company.

Differences

Management is responsible for self

monitoring and identifying and mitigating
risks. Internal Audit evaluates managements
IC program.

IA is responsible to the Audit Committee of

the Board of Directors.

IA activities are not a control it is an

evaluation over the effectiveness of the IC
program.

Differences

EA is responsible to financial statement users and

the Audit Committee of the Board of Directors.
IA staff and ICO are employed by an organization;
EA firms are not employed by the organization
they audit.
EAs goal is to verify that a company they audit
complies with accounting standards. Auditing is
not a control.
Report distribution differs.
Materiality thresholds differ.
ICO is prospective; IA and EA are retrospective.